Cyware Daily Threat Intelligence, November 21, 2019

Using outdated or flawed components can invite unwanted cyber threats. In a new finding, security researchers have uncovered dozens of high-profile applications that are vulnerable to remote code execution attacks due to unpatched components. These components - libFLAC, RTMPDump, and FFmpeg - are affected by vulnerabilities that date back to 2014, 2015, and 2016. The vulnerable apps are Facebook, WeChat, ShareChat, AliExpress, Video MP3 Converter, and Lazada.

The past 24 hours also saw the discovery of a new P2P botnet dubbed Roboto. It targets Linux servers by exploiting the Webmin RCE vulnerability. The botnet is capable of launching four types of DDoS attacks, namely ICMP Flood, TCP Flood, HTTP Flood, and UDP Flood. Among other functionalities, the botnet can also gather a process’ network information, execute system commands, and run encrypted files specified in URLs.

Top Breaches Reported in the Last 24 Hours

Gekko Group leaks data
An unprotected Elasticsearch database belonging to Gekko Group exposed more than a terabyte of sensitive data on a public server. The exposed database contained travelers’ information such as names, home addresses, lodging details, children’s personal information, credit card numbers, and passwords stored in plaintext. Gekko secured the database upon being notified.

French hospital attacked
A ransomware attack at the Rouen University Hospital Charles Nicolle in the north of France has impacted all five sites of the hospital. The staff was quick at taking action and immediately shut down the IT systems to prevent the infection from spreading further.

GateHub hacked
Personal information of as many as 1.4 million user accounts of GateHub cryptocurrency wallet has been dumped online. The stolen information includes registered email addresses, passwords, two-factor authentication keys, mnemonic phrases, and wallet hashes.

Select Health Network’s data breach
Select Health Network is notifying 3,582 patients about a data breach that may have exposed their personal health information. Upon investigation, the physician group determined that an employee’s email account was accessed by an unauthorized third party between May 22 and June 13.

Top Malware Reported in the Last 24 Hours

Roboto botnet
Security researchers have discovered a new peer-to-peer botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. The botnet supports seven functions: reverse shell, self-uninstall, gather process’ network information, gather bot information, execute system commands, run encrypted files specified in URLs, and DDoS attacks. Roboto spreads by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107.

Decryptor for Jigsaw ransomware
Emsisoft has released a free tool to unlock files encrypted by Jigsaw ransomware. The decryption tool currently unlocks 85 variants of the malware. Jigsaw uses the AES-128 algorithm to encrypt victims’ files.

DoppelPaymer connected to BlueKeep
The Microsoft Security Response Center (MSRC) is informing customers about misleading information on how DoppelPaymer ransomware spreads. Reports circulating on the internet claimed that the ransomware’s propagation is connected with the BlueKeep exploit. However, the research team has refuted the claim after investigating the matter.

Top Vulnerabilities Reported in the Last 24 Hours

Three old vulnerabilities
Three critical RCE vulnerabilities from 2014, 2015, and 2016 continue to affect the latest versions of popular apps hosted on Google Play. The flaws are tracked as CVE-2014-8962, CVE-2015-8271, and CVE-2016-3062. They affect multiple apps such as Facebook, Facebook Messenger, LiveXLive, Moto Voice BETA, AliExpress, and Video MP3 Converter.

Windows UAC flaw
A high-severity flaw in Microsoft Windows can give attackers elevated privileges - ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC). The vulnerability is identified as CVE-2019-1388 and has a CVSS score of 7.8 out of 10.

Jetpack WordPress plugin flaw
Admins and owners of WordPress sites are urged to install the Jetpack 7.9.1 update immediately to close a vulnerability that could be abused to launch attacks. The vulnerability affects versions 5.1 and later.

Top Scams Reported in the Last 24 Hours

Real estate scam
The CEO of a Swiss company has been scammed out of nearly $1 million by a multinational fraud ring. The scammers impersonated a known lawyer to dupe the CEO. The matter came to light only after the real lawyer complained that no payment had been received. The phony email address used by the scammers had an extra letter ‘S’, which went unnoticed by the CEO. The spoofed email was deliberately crafted to deceive the recipient into believing he was communicating with the seller’s attorney.
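The lookalike address in this scam differed from the real lawyer's by a single inserted letter. A mail gateway or a finance team's review script can catch that class of impersonation by comparing the sender's domain against a list of known counterparties and flagging any domain within a small edit distance. The example below is added here and is not part of the Cyware digest; the contact domains and message headers are constructed placeholders, and the check is deliberately more general than the single case in the text, since Levenshtein distance also catches one-character substitutions and deletions, not only insertions.

```python
"""Flag sender domains that look like a known counterparty's domain but differ
by one edited character (an extra letter, as in the scam described above).
Added example; all domains and headers here are constructed placeholders."""

from email.utils import parseaddr

# Hypothetical list of domains the finance team already corresponds with.
KNOWN_CONTACT_DOMAINS = {"sellerslaw.example", "gekko-partners.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domain(header_from: str) -> str:
    """Extract the lower-cased domain from a From: header value."""
    _, addr = parseaddr(header_from)
    return addr.rpartition("@")[2].lower()


def classify_sender(header_from: str, known=KNOWN_CONTACT_DOMAINS,
                    max_distance: int = 1) -> str:
    """Return 'known', 'lookalike:<real-domain>' or 'unknown'.

    A domain that is not on the allow list but sits within max_distance edits
    of one that is, is the typosquat pattern from the scam above and should be
    held for manual review before any payment instruction is acted on.
    """
    domain = sender_domain(header_from)
    if domain in known:
        return "known"
    for real in sorted(known):
        if edit_distance(domain, real) <= max_distance:
            return f"lookalike:{real}"
    return "unknown"


def review_queue(headers):
    """Return only the From: values that need a human look (lookalikes)."""
    return [h for h in headers if classify_sender(h).startswith("lookalike:")]


if __name__ == "__main__":
    # Constructed sample headers: one genuine, one with an extra 's', one unrelated.
    sample = [
        "Counsel <counsel@sellerslaw.example>",
        "Counsel <counsel@sellerslaws.example>",
        "Newsletter <news@other.example>",
    ]
    for h in sample:
        print(f"{h!r:45} -> {classify_sender(h)}")
    print("hold for review:", review_queue(sample))
```

In practice the allow list would be populated from the organisation's address book, and the same comparison should be run on the Reply-To header, since impersonators frequently leave From: intact and redirect replies elsewhere.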


Posted on: November 21, 2019
